SUSE CVE-2018-12474
Improper input validation in obs-service-tarscm of Open Build Service allows remote attackers to access and extract information outside the current build or cause the creation of files in attacker-controlled locations. Affected releases are openSUSE Open Build Service: versions prior to...
CVE-2022-39045
A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...
Design/Logic Flaw
A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-39045
Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 is affected by TALOS-2022-1611/CVE-2022-39045. A file-write vulnerability exists in the httpd upload.cgi functionality that, due to lack of filename sanitization, allows path traversal to overwrite arbitrary files. An uploaded file can be written...
jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2022-38165
Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server...
samba: server memory information leak via SMB1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-2406)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for gzip (EulerOS-SA-2022-2382)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-2370)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.1 : xz (EulerOS-SA-2022-2370)
According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name...
CVE-2022-34109
CVE-2022-34109 affects MSI Feature Navigator v1.0.1808.0901; the issue allows local attackers to write arbitrary files into the PromoPhoto directory, enabling potential arbitrary file write. CVE-2022-34110 enables attackers to download arbitrary files, also affecting the same MSI component. CVE-2...
Amazon Linux 2022 : gzip, xz, xz-devel (ALAS2022-2022-058)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-058 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...
CVE-2022-34373
CVE-2022-34373 affects Dell Command | Integration Suite for System Center (vulnerable: prior to 6.2.0). The vulnerability is an arbitrary file write that allows a locally authenticated user to perform writes as SYSTEM. Affected component is the Dell Command | Integration Suite for ...
ansible-runner has default temporary files written to world R/W locations
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate use...
CVE-2022-34115
DataEase v1.11.1 is affected by a SQL injection vulnerability via the dataSourceId parameter. The issue is tracked as CVE-2022-34115; it is reported as critical (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A fix is available in v1.11.2. The connected sources also reference advisories and...
Huawei EulerOS: Security Advisory for gzip (EulerOS-SA-2022-1968)
The remote host is missing an update for the Huawei EulerOS...
gzip security update
1.10-9 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271...